---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
---

# aws_vpn_connection{% #aws_vpn_connection %}

## `account_id`{% #account_id %}

**Type**: `STRING`

## `category`{% #category %}

**Type**: `STRING`
**Provider name**: `Category`
**Description**: The category of the VPN connection. A value of `VPN` indicates an Amazon Web Services VPN connection. A value of `VPN-Classic` indicates an Amazon Web Services Classic VPN connection.

## `core_network_arn`{% #core_network_arn %}

**Type**: `STRING`
**Provider name**: `CoreNetworkArn`
**Description**: The ARN of the core network.

## `core_network_attachment_arn`{% #core_network_attachment_arn %}

**Type**: `STRING`
**Provider name**: `CoreNetworkAttachmentArn`
**Description**: The ARN of the core network attachment.

## `customer_gateway_configuration`{% #customer_gateway_configuration %}

**Type**: `STRING`
**Provider name**: `CustomerGatewayConfiguration`
**Description**: The configuration information for the VPN connection's customer gateway (in the native XML format). This element is always present in the CreateVpnConnection response; however, it's present in the DescribeVpnConnections response only if the VPN connection is in the `pending` or `available` state.

## `customer_gateway_id`{% #customer_gateway_id %}

**Type**: `STRING`
**Provider name**: `CustomerGatewayId`
**Description**: The ID of the customer gateway at your end of the VPN connection.

## `gateway_association_state`{% #gateway_association_state %}

**Type**: `STRING`
**Provider name**: `GatewayAssociationState`
**Description**: The current state of the gateway association.

## `options`{% #options %}

**Type**: `STRUCT`
**Provider name**: `Options`
**Description**: The VPN connection options.

- `enable_acceleration`
  **Type**: `BOOLEAN`
  **Provider name**: `EnableAcceleration`
  **Description**: Indicates whether acceleration is enabled for the VPN connection.
- `local_ipv4_network_cidr`
  **Type**: `STRING`
  **Provider name**: `LocalIpv4NetworkCidr`
  **Description**: The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.
- `local_ipv6_network_cidr`
  **Type**: `STRING`
  **Provider name**: `LocalIpv6NetworkCidr`
  **Description**: The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.
- `outside_ip_address_type`
  **Type**: `STRING`
  **Provider name**: `OutsideIpAddressType`
  **Description**: The type of IPv4 address assigned to the outside interface of the customer gateway. Valid values: `PrivateIpv4` | `PublicIpv4`
  **Default**: `PublicIpv4`
- `remote_ipv4_network_cidr`
  **Type**: `STRING`
  **Provider name**: `RemoteIpv4NetworkCidr`
  **Description**: The IPv4 CIDR on the Amazon Web Services side of the VPN connection.
- `remote_ipv6_network_cidr`
  **Type**: `STRING`
  **Provider name**: `RemoteIpv6NetworkCidr`
  **Description**: The IPv6 CIDR on the Amazon Web Services side of the VPN connection.
- `static_routes_only`
  **Type**: `BOOLEAN`
  **Provider name**: `StaticRoutesOnly`
  **Description**: Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.
- `transport_transit_gateway_attachment_id`
  **Type**: `STRING`
  **Provider name**: `TransportTransitGatewayAttachmentId`
  **Description**: The transit gateway attachment ID in use for the VPN tunnel.
- `tunnel_inside_ip_version`
  **Type**: `STRING`
  **Provider name**: `TunnelInsideIpVersion`
  **Description**: Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
- `tunnel_options`
  **Type**: `UNORDERED_LIST_STRUCT`
  **Provider name**: `TunnelOptions`
  **Description**: Indicates the VPN tunnel options.
  - `dpd_timeout_action`
    **Type**: `STRING`
    **Provider name**: `DpdTimeoutAction`
    **Description**: The action to take after a DPD timeout occurs.
  - `dpd_timeout_seconds`
    **Type**: `INT32`
    **Provider name**: `DpdTimeoutSeconds`
    **Description**: The number of seconds after which a DPD timeout occurs.
  - `enable_tunnel_lifecycle_control`
    **Type**: `BOOLEAN`
    **Provider name**: `EnableTunnelLifecycleControl`
    **Description**: Status of tunnel endpoint lifecycle control feature.
  - `ike_versions`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `IkeVersions`
    **Description**: The IKE versions that are permitted for the VPN tunnel.
    - `value`
      **Type**: `STRING`
      **Provider name**: `Value`
      **Description**: The IKE version.
  - `log_options`
    **Type**: `STRUCT`
    **Provider name**: `LogOptions`
    **Description**: Options for logging VPN tunnel activity.
    - `cloud_watch_log_options`
      **Type**: `STRUCT`
      **Provider name**: `CloudWatchLogOptions`
      **Description**: Options for sending VPN tunnel logs to CloudWatch.
      - `log_enabled`
        **Type**: `BOOLEAN`
        **Provider name**: `LogEnabled`
        **Description**: Status of VPN tunnel logging feature. Default value is `False`. Valid values: `True` | `False`
      - `log_group_arn`
        **Type**: `STRING`
        **Provider name**: `LogGroupArn`
        **Description**: The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
      - `log_output_format`
        **Type**: `STRING`
        **Provider name**: `LogOutputFormat`
        **Description**: Configured log format. Default format is `json`. Valid values: `json` | `text`
  - `outside_ip_address`
    **Type**: `STRING`
    **Provider name**: `OutsideIpAddress`
    **Description**: The external IP address of the VPN tunnel.
  - `phase1_dh_group_numbers`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase1DHGroupNumbers`
    **Description**: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.
    - `value`
      **Type**: `INT32`
      **Provider name**: `Value`
      **Description**: The Diffie-Hellman group number.
  - `phase1_encryption_algorithms`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase1EncryptionAlgorithms`
    **Description**: The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.
    - `value`
      **Type**: `STRING`
      **Provider name**: `Value`
      **Description**: The value for the encryption algorithm.
  - `phase1_integrity_algorithms`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase1IntegrityAlgorithms`
    **Description**: The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.
    - `value`
      **Type**: `STRING`
      **Provider name**: `Value`
      **Description**: The value for the integrity algorithm.
  - `phase1_lifetime_seconds`
    **Type**: `INT32`
    **Provider name**: `Phase1LifetimeSeconds`
    **Description**: The lifetime for phase 1 of the IKE negotiation, in seconds.
  - `phase2_dh_group_numbers`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase2DHGroupNumbers`
    **Description**: The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.
    - `value`
      **Type**: `INT32`
      **Provider name**: `Value`
      **Description**: The Diffie-Hellman group number.
  - `phase2_encryption_algorithms`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase2EncryptionAlgorithms`
    **Description**: The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.
    - `value`
      **Type**: `STRING`
      **Provider name**: `Value`
      **Description**: The encryption algorithm.
  - `phase2_integrity_algorithms`
    **Type**: `UNORDERED_LIST_STRUCT`
    **Provider name**: `Phase2IntegrityAlgorithms`
    **Description**: The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.
    - `value`
      **Type**: `STRING`
      **Provider name**: `Value`
      **Description**: The integrity algorithm.
  - `phase2_lifetime_seconds`
    **Type**: `INT32`
    **Provider name**: `Phase2LifetimeSeconds`
    **Description**: The lifetime for phase 2 of the IKE negotiation, in seconds.
  - `pre_shared_key`
    **Type**: `STRING`
    **Provider name**: `PreSharedKey`
    **Description**: The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and the customer gateway.
  - `rekey_fuzz_percentage`
    **Type**: `INT32`
    **Provider name**: `RekeyFuzzPercentage`
    **Description**: The percentage of the rekey window determined by `RekeyMarginTimeSeconds` during which the rekey time is randomly selected.
  - `rekey_margin_time_seconds`
    **Type**: `INT32`
    **Provider name**: `RekeyMarginTimeSeconds`
    **Description**: The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.
  - `replay_window_size`
    **Type**: `INT32`
    **Provider name**: `ReplayWindowSize`
    **Description**: The number of packets in an IKE replay window.
  - `startup_action`
    **Type**: `STRING`
    **Provider name**: `StartupAction`
    **Description**: The action to take when establishing the VPN tunnels for a VPN connection.
  - `tunnel_inside_cidr`
    **Type**: `STRING`
    **Provider name**: `TunnelInsideCidr`
    **Description**: The range of inside IPv4 addresses for the tunnel.
  - `tunnel_inside_ipv6_cidr`
    **Type**: `STRING`
    **Provider name**: `TunnelInsideIpv6Cidr`
    **Description**: The range of inside IPv6 addresses for the tunnel.

## `routes`{% #routes %}

**Type**: `UNORDERED_LIST_STRUCT`
**Provider name**: `Routes`
**Description**: The static routes associated with the VPN connection.

- `destination_cidr_block`
  **Type**: `STRING`
  **Provider name**: `DestinationCidrBlock`
  **Description**: The CIDR block associated with the local subnet of the customer data center.
- `source`
  **Type**: `STRING`
  **Provider name**: `Source`
  **Description**: Indicates how the routes were provided.
- `state`
  **Type**: `STRING`
  **Provider name**: `State`
  **Description**: The current state of the static route.

## `state`{% #state %}

**Type**: `STRING`
**Provider name**: `State`
**Description**: The current state of the VPN connection.

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`

## `transit_gateway_id`{% #transit_gateway_id %}

**Type**: `STRING`
**Provider name**: `TransitGatewayId`
**Description**: The ID of the transit gateway associated with the VPN connection.

## `type`{% #type %}

**Type**: `STRING`
**Provider name**: `Type`
**Description**: The type of VPN connection.

## `vgw_telemetry`{% #vgw_telemetry %}

**Type**: `UNORDERED_LIST_STRUCT`
**Provider name**: `VgwTelemetry`
**Description**: Information about the VPN tunnel.

- `accepted_route_count`
  **Type**: `INT32`
  **Provider name**: `AcceptedRouteCount`
  **Description**: The number of accepted routes.
- `certificate_arn`
  **Type**: `STRING`
  **Provider name**: `CertificateArn`
  **Description**: The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate.
- `last_status_change`
  **Type**: `TIMESTAMP`
  **Provider name**: `LastStatusChange`
  **Description**: The date and time of the last change in status. This field is updated when changes in IKE (Phase 1), IPSec (Phase 2), or BGP status are detected.
- `outside_ip_address`
  **Type**: `STRING`
  **Provider name**: `OutsideIpAddress`
  **Description**: The Internet-routable IP address of the virtual private gateway's outside interface.
- `status`
  **Type**: `STRING`
  **Provider name**: `Status`
  **Description**: The status of the VPN tunnel.
- `status_message`
  **Type**: `STRING`
  **Provider name**: `StatusMessage`
  **Description**: If an error occurs, a description of the error.

## `vpn_connection_arn`{% #vpn_connection_arn %}

**Type**: `STRING`

## `vpn_connection_id`{% #vpn_connection_id %}

**Type**: `STRING`
**Provider name**: `VpnConnectionId`
**Description**: The ID of the VPN connection.

## `vpn_gateway_id`{% #vpn_gateway_id %}

**Type**: `STRING`
**Provider name**: `VpnGatewayId`
**Description**: The ID of the virtual private gateway at the Amazon Web Services side of the VPN connection.
